[Fork] FreshTomato-ARM

Discussion in 'Tomato Firmware' started by kille72, Apr 15, 2018.

  1. txnative

    txnative Addicted to LI Member

    All versions of Tomato support 3G modems and 4G/LTE as an alternative to using DHCP, static, PPPoE, which are located under Basic Settings, Network. [image: capture-tomato-usb..png] There are a couple of things you should read before using it with your router first and decide if it's for you. Forgive me, but I don't use this feature and maybe someone can give you more answers. Do a search here about using it; there are countless threads and posts that should help you. The image above is located under USB & NAS, but your answer may be that it isn't supported?
    Last edited: Apr 29, 2018
  2. txnative

    txnative Addicted to LI Member

    Are you referring to the 16000 kbps default rate? I suppose you are familiar with using Tomato and clearing NVRAM then, right? What model and type of firmware, VPN or AIO?
  3. bd0426

    bd0426 Networkin' Nut Member


    First… To the FreshTomato crew, thank you for resurrecting this project. I only wish I would have stumbled on to it sooner. …And to the posters of this forum for the sheer volume of knowledge you are willing to share freely that has been so helpful over the years.

    My apologies if I have posted this in the wrong place.

    After moving from Toastman 1.28.8510.5, which has been on there since very early 2017, and trying a few of the recent betas (025, 031) and now the 2018.2 release, I would like to know if anyone has run into the same issues I seem to have and perhaps was able to solve them in some way I haven’t tried yet.

    I have an Asus RT-AC3200 (a few actually) that has had a wireless issue I can’t seem to solve or otherwise work-around and a jffs problem that I was able to work-around.

    Most of the stuff I use on the router works great. OpenVPN, SSH, VLAN, and DNSMasq.

    On the 2.4GHz radio, after some troubleshooting and the process of elimination it appears I cannot successfully attach more than 9 devices to the 2.4GHz AP at once. Any device that becomes the 10th gets ignored by the AP and reports an authentication error on the client device. If I remove any other device from the AP, the device that couldn’t connect will. The logs in the 3200 show “wlc_ap_auth resp: out of scbs for xx:xx:xx:xx:xx:xx” where xx:xx:xx:xx:xx:xx is the mac address of the device that can’t connect when this occurs.

    At first I thought it was related to using multiple SSIDs, but after erasing NVRAM (thorough) and setting it up as a stock 2.4GHz AP only it exhibited the same behavior. The “max wireless clients” is set to 32, which is apparently the highest number that field will allow. I don’t know if either of the 5GHz radios also exhibits this behavior due to my low number of 5GHz devices (6 total). The same 3200s work ok with Asus, Merlin 380.69_2 and the last Toastman (1.28.8510.5) firmwares. Has anyone else experienced this?

    The other thing I had an issue with was jffs. Although I was able to work around it by adding a USB flash drive, I can’t enable it on this unit. I read a post a while back by Merlin saying something was unusual about the file system structure of this particular model, but I can’t seem to find that info again. So, in this case I am not seeking a solution as much as confirmation that it’s just the way it is with this particular unit. I have tried ‘enable’ then ‘save’, ‘enable’ then ‘format/erase’, ‘enable’ then ‘format/erase’ then ‘save’. They all yield ‘not loaded’.

    Any insight, particularly to the wireless issue is greatly appreciated.
  4. txnative

    txnative Addicted to LI Member

    Unfortunately I don't use an Asus; however, there are a few of the main characters that do, and maybe they'll come around and help with diagnosing the problem, which is unusual, as this is the first I've seen. However, I don't doubt what you're experiencing. You mentioned that in the Advanced section wireless, max clients won't allow more than 39? You have not added the devices to wireless filter or done anything with dhcp/arp/bw? Are wireless devices on some static connection in the adapters? Did you try deleting the wireless adapter settings and recreating a new connection?
  5. eangulus

    eangulus Network Guru Member

    I had a similar issue. Please check the advanced wifi settings. There is a setting there that sets a client limit on wifi. Max setting is 255 but I found mine had lowered for some reason and setting it back to 255 fixed my issue.

    Sent from my Pixel XL using Tapatalk
    txnative likes this.
  6. pegasus123

    pegasus123 Addicted to LI Member

    No, I'm referring to INBOUND QOS classification (the graph). I use VPN R7000, 2018.2.

    The 2017.3 does not seem to have that problem.
    edusodanos likes this.
  7. txnative

    txnative Addicted to LI Member

    I apologize for not understanding your issue with QoS inbound classification, but I don't have a spare ARM router on hand to duplicate what you're asking to look into. The FreshTomato team, kille72 and a few others, may have more insight on this issue and may have to look into commits from the past to now to see if any changes may have caused this type of issue in the 2018.2 version. I use a Netgear R6300v2 and am currently running beta testing for another member, so I can't help, sorry. I personally don't use default settings on my router and custom set up QoS is my choice, but what you are explaining doesn't make sense, so that would mean it would need to be replicated if they don't find a problem in the code. Thank you
    pegasus123 likes this.
  8. ArmsAsuncion

    ArmsAsuncion Network Newbie Member

    I believe it's already a known issue, and a temporary fix has been posted on page 2. I also experienced the same issue wherein the inbound QoS speed always defaults to the Default class (Ex. Crawl), so the inbound speed is totally slow.

    Edit: The fix can be found here: https://www.linksysinfo.org/index.php?threads/fork-freshtomato-arm.74117/page-2#post-296426
    pegasus123 likes this.
  9. pegasus123

    pegasus123 Addicted to LI Member

  10. bd0426

    bd0426 Networkin' Nut Member

    Thank you for the suggestions. You are correct in assuming that I am not using the wireless filter, my fields for 'max clients' is limited to 32 (which is also the case with the last Toastman I've been running for some time) and nothing done with dhcp/arp/bw. I have tried deleting and re-creating connection profiles on client devices to no avail as well. I am able to consistently recreate the situation after a fresh 'thorough' nvram clearing and setting up the 2.4GHz radio with the default SSID and a WPA2AES key of 12345678 and trying to connect 10 devices.

    Odd, right?
  11. bd0426

    bd0426 Networkin' Nut Member

    Thanks for the reply. Indeed, I am familiar with that setting. Antifortuitessnessly the field for max wireless clients on these particular RT-AC3200s seem limited to 32, perhaps as part of the cfe or other lower level part of the embedded firmware that is beyond my skills and understanding. The 32 limit is also present in other firmwares, including the last Toastman that I have been running successfully for some time. Previous to employing the RT-AC3200, on initial setup I habitually configured the max wireless clients as 255 on my previous router(s) up from the default of 128, 'just cuz' even though I would never approach that many devices.
  12. eangulus

    eangulus Network Guru Member

    No probs. I definitely do go over the 32 devices on at least 2 networks I manage.

    1 is a business with around 30 staff.

    The other is my home. With 5 kids, each of us with laptop, tablet and mobile, then add in six gear like 15 smart bulbs, harmony remote etc etc, easy to go over 32...

    Sent from my Pixel XL using Tapatalk
  13. apvmtan

    apvmtan Serious Server Member

    Flashed 2018.2 to my ea6900 with modded cfe, so far so good. Don't use QOS, everything default, only static IP and mac address filter.
  14. Lorenceo

    Lorenceo Networkin' Nut Member

    I flashed 2018.2 to my R7000 last night. Seems to be running quite well. Happily moving 930/470Mbps on a 1000/500Mbps PPPoE connection with CTF enabled. :)

    One thing I did notice though, setting the WAN MTU to 1500 for PPPoE with jumbo frames enabled didn't seem to result in 1508 byte packets being sent from the WAN port. They still appeared to be 1500 byte packets, with the PPPoE MTU stuck at 1492.
    FWIW my ISP (2degrees) does support RFC4638.
  15. koitsu

    koitsu Network Guru Member

    Are you implying other firmwares did RFC4638? I'm not aware this feature was implemented anywhere, and I would imagine this would be incredibly rare to find consumer ISP-wise anyway. As such, you may have to drive this one yourself. Would suggest bringing down the PPPoE daemon, doing packet captures on the WAN interface (if this is possible, ex. tcpdump -p -i vlan2 -s 65535 -w /tmp/capture.pcap), starting up the PPPoE daemon and letting things settle for ~15-20 seconds, ^C'ing the tcpdump, then copying the file off somewhere that has Wireshark installed + look for the relevant tag to see if it's even provided by the PPPoE client: https://tools.ietf.org/html/rfc4638#section-4 . If it is, then the MRU negotiation from the ISPs end probably results in RFC1661 application, i.e. 1500 or 1492.
  16. Lorenceo

    Lorenceo Networkin' Nut Member

    No. My apologies, that was a bit ambiguous. I've not managed to get it working in a reliable way on any other variants of Tomato.
  17. koitsu

    koitsu Network Guru Member

    Gotcha. Here's what I can tell you, as someone who can look at source but doesn't use PPPoE:

    There are two things in the TomatoUSB repo (specifically looking at tomato-arm-kille72): router/pppd and router/rp-pppoe. Not sure which is used for what, but router/rp-pppoe/README says "a PPP-over-Ethernet redirector for pppd". I will assume this is a client of some sort.

    router/rp-pppoe does have code for RFC4638 support. However, taken from doc/CHANGES:

    - Permit both PPPoE server and client to specify an MTU/MRU of 1500 assuming
      the underlying Ethernet interface has an MTU of at least 1508.  The larger
      MTU is negotiated per RFC 4638.  NOTE: Only available with kernel-mode
      plugin, not user-mode pty redirector.
    There is doc/KERNEL-MODE-PPPOE which describes the requirements, including that a unique way to build the software must be used. However, the docs have a line that says "if using pppd 2.4.0 or newer, you can skip steps 1 and 2", except that instruction is in step 1. If you look closer, you can see the steps are numbered from 0 onward. So... did they mean steps 0 and 1? I... I don't know? Who writes documentation like this?!? :p Let's see if we meet the requirements:

    * Kernel must be 2.4 -- OK
    * Must be using pppd 2.4.0 or newer -- router/pppd/README.linux says 2.4.5. Digging through the mess of Makefile bits, it appears the file that tells us definitively is router/pppd/pppd/patchlevel.h, which says 2.4.5 -- OK
    * Actual router needs an mknod of /dev/ppp to major/minor 108/0 -- OK (checked on my own router)
    * Need to correlate certain devices with certain kernel modules via /etc/modules.conf. This is talking about a normal Linux distro, Tomato is a little different in how that's done.
    * Several kernel configuration file flags must be set to y (statically included) or m (module). Let's see if we can figure out what's in the kernel config (or modified via release/src-rt-6.x.4708/Makefile) to see if that's what TomatoUSB actually uses..... okay, no modifications via release/src-rt-6.x.4708/Makefile, so that leaves release/src-rt-6.x.4708/linux/linux-2.6/config_base. Let's see (and no, CONFIG_PPP= is not a typo):

    .../release/src-rt-6.x.4708/linux/linux-2.6 (shibby-arm) $ egrep '(CONFIG_PPP=|CONFIG_PPP_ASYNC|CONFIG_PPP_SYNC_TTY|CONFIG_PPP_DEFLATE|CONFIG_PPP_BSDCOMP|CONFIG_PPPOE|CONFIG_N_HDLC|CONFIG_UNIX98_PTYS)' config_base
    # CONFIG_PPP_BSDCOMP is not set
    Looks like CONFIG_PPP_BSDCOMP isn't set at all, and CONFIG_N_HDLC is missing too. I checked the kernel code -- they are in fact used in there. Also not sure of the implications of everything being static but CONFIG_PPP_DEFLATE being a module (might be OK, might not). I know what DEFLATE and BSDCOMP are -- they're types of compression. More on that in a moment. Point is: do things even work with one of these not set?

    So, to me it looks like it's "sort of" there, but not entirely.

    Reviewing router/Makefile -- which is what TomatoUSB uses to build all this third-party stuff -- we can see that rp-pppoe is built with --enable-plugin=path/to/pppd which is supposed to enable the rp-pppoe.so plugin in the code (but not necessarily used at runtime). Runtime is through the pppd configuration file, where some new directives are added to provide rp_pppoe functionality.

    Reviewing router/rc/wan.c function config_pppd(), for a WAN type of PPPoE only (not PPTP!), I can see what ends up in /tmp/ppp/{something}_options. I believe the {something} is a WAN prefix due to MultiWAN. This is probably the PPPoE configuration file. I also see there are lines there that put rp_pppoe_service and rp_pppoe_ac into the configuration file, which implies rp_pppoe is functional/usable.

    The rp-pppoe docs say that in pppoe.conf, the line LINUX_PLUGIN=/etc/ppp/plugins/rp-pppoe.so must be added to the configuration. I can't find any reference to LINUX_PLUGIN anywhere in /rom. But in the same aforementioned router/rc/wan.c function I see the directive plugin rp-pppoe.so is added to the /tmp/ppp/{something}_options. Is that enough? I assume so? I don't know. There's also mention of new directives like nic-XXXX which are also used/referenced in router/rc/wan.c, so more evidence points to yes.

    And finally, in the same doc/KERNEL-MODE-PPPOE, at the very bottom, we find this:

    The kernel-mode PPPoE plugin permits an MTU of up to 1500 on the PPP
    interface providing that the MTU on the underlying Ethernet interface
    is at least 1508.  In /etc/ppp/pppoe.conf, set MTU=1500 and MRU=1500 to
    enable the larger PPP MTU.  The larger PPP MTU is negotiated according
    to RFC 4638.
    Back to the code in router/rc/wan.c once again: I see both mru and mtu being set in this config file, but the syntax is different (mru XXX mtu XXX, not MRU=XXX or MTU=XXX), and those values are based on a single NVRAM variable: {something}_mtu (not separate ones for MRU or MTU! Both values use the same variable). This NVRAM variable is not the same thing as {something}_wan_mtu! That's for WAN type PPTP! Such greatly-named NVRAM variables. And like before, {something} is probably related to MultiWAN.

    But now we circle back even further: I notice that in the same router/rc/wan.c code there's use of the directives nobsdcomp and nodeflate. So... we compile deflate as a kernel module, but don't use it, and we don't include bsdcomp at all in the kernel and also don't use it, but the rp-pppoe docs say............. Yeah. You get the picture here (answer: nothing is clear). Don't forget: the initial doc I listed off said you need an Ethernet interface MTU of 1508 or larger, while (if I'm reading this right) the PPPoE configuration MRU/MTU must both be set to 1500. You may find that things like ifconfig {interface} mtu 1508 or ip link set dev {interface} mtu 1508 either won't work or won't stick. I'm not sure which interface this should be (maybe vlan2? br0? I don't know). If it's talking about real/actual jumbo frames, I've literally never seen those work on TomatoUSB (and they're a nightmare anyway -- to use them, you essentially have to have all your network interfaces, incl. physical, all support them. I've only seen JFs used on a dedicated NIC on a dedicated private network for server<->SAN interfacing via iSCSI, not as a general-purpose thing).

    I've done most of the investigative work there as best I can. The end result is: doing packet captures on the interface is probably the most definitive way to find out what's going across the wire between you and your ISP. It would be the best way to see if what the client is sending is indeed RFC4638 compliant. For all I know, it might be working client-wise but your ISP rejects it and says 1492 anyway. :) Dunno.

    Anyway, you can tell from my above "adventure" that this stuff is not as simple as enable_magic_fat_mtu=yes in some random config file. There's a lot involved to make it work, and the Tomato code (esp. MultiWAN) doesn't help the matter any.

    P.S. -- Sorry for the bitbucket.org links, but sometimes that service doesn't work right with per-line referencing (ex. #filename-lineno), so you may have to go to the link, click Back, then Forward again. Whatever; the more I've used BB, the more disappointed and annoyed I've gotten. GitHub is by far superior, IMO. *shrug*
    Last edited: May 3, 2018
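
The check koitsu describes (looking in the capture for the RFC 4638 tag) comes down to walking the tag list of a PPPoE discovery packet. The C sketch below is an added example, not code from the Tomato or rp-pppoe sources; the function name and the sample packets are constructed for illustration, and the layout follows RFC 2516 with the PPP-Max-Payload tag type 0x0120 from RFC 4638 section 4.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PPPOE_HDR_LEN       6      /* ver/type, code, session id (2), length (2) */
#define TAG_END_OF_LIST     0x0000 /* RFC 2516 */
#define TAG_PPP_MAX_PAYLOAD 0x0120 /* RFC 4638, section 4 */

/* Read a big-endian 16-bit field. */
static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/*
 * pkt/len: one PPPoE discovery packet (EtherType 0x8863), starting at the
 * PPPoE header, i.e. with the 14-byte Ethernet header already removed.
 * Returns the PPP-Max-Payload value if the tag is present, 0 if the tag
 * list is well formed but has no such tag, -1 if the packet is malformed.
 * Every length field is checked against the bytes actually available.
 */
int pppoe_max_payload(const uint8_t *pkt, size_t len)
{
    if (len < PPPOE_HDR_LEN || pkt[0] != 0x11)   /* version 1, type 1 */
        return -1;

    /* The header length field bounds the tags; a captured frame may be
     * longer than this because of Ethernet padding. */
    size_t left = rd16(pkt + 4);
    if (left > len - PPPOE_HDR_LEN)
        return -1;

    const uint8_t *p = pkt + PPPOE_HDR_LEN;
    while (left >= 4) {
        uint16_t type = rd16(p);
        uint16_t tlen = rd16(p + 2);

        if (tlen > left - 4)                     /* value runs past payload */
            return -1;
        if (type == TAG_END_OF_LIST)
            return 0;
        if (type == TAG_PPP_MAX_PAYLOAD)
            return tlen == 2 ? rd16(p + 4) : -1; /* value is exactly 2 bytes */

        p += 4 + (size_t)tlen;
        left -= 4 + (size_t)tlen;
    }
    return left == 0 ? 0 : -1;                   /* stray bytes: malformed */
}

/* Constructed sample: PADI with Service-Name, Host-Uniq and
 * PPP-Max-Payload = 1500 (0x05dc). */
static const uint8_t padi_with_tag[] = {
    0x11, 0x09, 0x00, 0x00, 0x00, 0x12,
    0x01, 0x01, 0x00, 0x00,
    0x01, 0x03, 0x00, 0x04, 0xde, 0xad, 0xbe, 0xef,
    0x01, 0x20, 0x00, 0x02, 0x05, 0xdc
};

/* Constructed sample: the same PADI without the RFC 4638 tag. */
static const uint8_t padi_no_tag[] = {
    0x11, 0x09, 0x00, 0x00, 0x00, 0x0c,
    0x01, 0x01, 0x00, 0x00,
    0x01, 0x03, 0x00, 0x04, 0xde, 0xad, 0xbe, 0xef
};

/* Constructed sample: tag length field (8) larger than the payload holds. */
static const uint8_t padi_bad_len[] = {
    0x11, 0x09, 0x00, 0x00, 0x00, 0x06,
    0x01, 0x20, 0x00, 0x08, 0x05, 0xdc
};

int main(void)
{
    printf("with tag:   %d\n", pppoe_max_payload(padi_with_tag, sizeof padi_with_tag));
    printf("no tag:     %d\n", pppoe_max_payload(padi_no_tag, sizeof padi_no_tag));
    printf("bad length: %d\n", pppoe_max_payload(padi_bad_len, sizeof padi_bad_len));
    return 0;
}
```

Run against the client's PADI it answers whether the router asked for the larger MTU at all; run against the ISP's replies it shows whether the tag came back.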
  18. Edrikk

    Edrikk Network Guru Member

    @pedro311 @kille72
    For the dhcp6 client I have just merged a bunch of fixes from a couple of places. In specific:

    I don't use this functionality, nor do I have the technical background to speak to or fix, but there were a number of issues which were fixed but never made it back to upstream as it is no longer maintained.

    In addition a bug report caught my eye which I fixed... This one is around mis-use of memset... I'm not sure how it worked before, but there's a good chance that many issues were due to garbage in the data (or if didn't cause issue, it was likely due to luck or compilers being very cooperative). e.g.:

    ifbuf is a char * pointer passed into the function... One should use the passed in value to memset.

    - memset(ifbuf, 0, sizeof(ifbuf));
    + memset(ifbuf, 0, ifbuflen);
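
    Review bot: on the + line, ifbuflen is now trusted as the size of the buffer behind ifbuf, so a caller that passes a value larger than the real allocation turns this memset into an out-of-bounds write. Each call site should be checked to confirm it passes the allocated size, and ifbuflen should be an unsigned size type (or be range-checked) before it reaches memset.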

    and (uses sizeof on memory address)

    - memset(evd, 0, sizeof(evd));
    + memset(evd, 0, sizeof(*evd));
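
    Review bot: the memset(evd, 0, sizeof(evd)) pattern on the - line is unlikely to be the only instance in the tree, and nothing in this change guards against the rest. A host build with GCC 4.8 or later and -Wsizeof-pointer-memaccess (enabled by -Wall) flags calls where sizeof is applied to the pointer argument, so the remaining cases can be fixed in the same pass.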

    and in auth.c (uses size of memory address instead of checking size of structure)

    - memset(ctx, 0, sizeof(ctx));
    + memset(ctx, 0, sizeof(hmacmd5_t));
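
    Review bot: the + line hard-codes the type name in sizeof(hmacmd5_t), which goes wrong again without any warning if ctx is ever declared with a different type. Writing memset(ctx, 0, sizeof(*ctx)) ties the size to the pointer itself and matches the form used for evd above.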

    Like I said, all the various patches make sense/are sane, but I'm out of my depth technically.
    Should hopefully help though... No promises...

    M_ars, Sean B., pharma and 3 others like this.
  19. pedro311

    pedro311 Networkin' Nut Member

    Thanks for fixes ;)
  20. RMerlin

    RMerlin Network Guru Member

    Just a heads-up: with the recent switch to a monotonic clock, miniupnpd's lease_file was a bit broken (the value stored in it could no longer be used by routers for reporting the info on their webui, as the datestamp was relative to whatever monotonic clock is used internally by miniupnpd).

    I discussed the issue with the author, who made changes to make it be once again usable for our own use on a firmware's webui. Discussion can be found here:


    If Tomato was reporting how much time was left on an existing UPNP forward, you will have to eventually adjust if you upgrade miniupnpd. Short version:

    - Stored time is now the remaining time, in seconds
    - Sending a SIGUSR2 to miniupnpd will make it generate an up-to-date upnp_lease file (a bit similar to what dnsmasq is doing).
    cybrnook, peyton, M_ars and 5 others like this.
  21. smitty870

    smitty870 Networkin' Nut Member

    I recently purchased an RT-AC68U B2 and currently running DD-WRT. RT-AC68U B2 is not listed as a supported router, just wondering if anyone has tried it anyway? If there has been any success in installing it on the B2 or what can I expect. I much prefer Tomato over DD-WRT any day.
  22. Joe A

    Joe A Networkin' Nut Member

    I don't have an answer to your question, but can you tell me how you installed dd-wrt on this router?
  23. smitty870

    smitty870 Networkin' Nut Member

    The only firmware I got working was Kong Build http://www.desipro.de/ddwrt/K3-AC-Arm/, download:

    This is how I did it on the RT-AC68U B2
    1. Factory resets
    2. Place into firmware recovery mode https://www.asus.com/us/support/FAQ/1000814/
    Follow the guide until it talks about firmware restoration
    STOP HERE: "Click[Start]→[All programs]→[ASUS utility]→[Wireless Router]→[Firmware Restoration]"
    a. Turn router off
    b. set static IP on your PC /
    c. hold down reset button
    d. wait till power light slowly flashes
    e. browse to
    f. Upload Kong Build

    3. wait 20 minutes
    4. set your pc to DHCP
    5. Configure
    Joe A likes this.
  24. Joe A

    Joe A Networkin' Nut Member

    Thank you!
    smitty870 likes this.
  25. sigmaris

    sigmaris Serious Server Member

    In the 2018.2 release there seem to be missing IPSec modules in the arm-extras.tar.gz package.
    For example, compare the contents of "extras/ipsec" in arm-extras-nosmp.tar.gz and arm-extras.tar.gz on https://exotic.se/freshtomato-arm/v2018/2018.2/
    In the -nosmp archive there are many IPSec modules which are missing from arm-extras.tar.gz. Without those modules, Strongswan (which I was using with a previous version of Tomato) no longer works. And I can't load the modules from the -nosmp archive on my R7000.
  26. oglops

    oglops Connected Client Member

    Any plan to support asus rt-ac1900p? It seems it has the same cpu as ac68u hw version c1, according to this snb thread. I tried flashing the ac68u aio 2018.2 firmware both from asus firmware restoration utility and from miniweb but both ended with a bootloop.
    Last edited: May 7, 2018
  27. I could be wrong, but I believe the rt-ac1900p is the model E1 of the AC68/RT-AC1900 and it suffers the same problems with Tomato as the C1 variant. I recall reading here that Shibby was working on getting the C1 variant working but I don't know the progress. I would think that if he is successful, it shouldn't be too hard to get the E1 working.
    Last edited by a moderator: May 6, 2018
  28. oglops

    oglops Connected Client Member

    It seems the issue is still open and no further news from shibby.
    Last edited: May 6, 2018
  29. Edrikk

    Edrikk Network Guru Member

    @kille72 @pedro311

    Found updated sources for bridge-util and have incorporated. Same caveat as before... Compile tested and loaded onto my R7000, but not much more. The changes look sane and are all fixes (as recent as a few months ago).

    Source: https://kernel.googlesource.com/pub/scm/linux/kernel/git/shemminger/bridge-utils/

    Fixes since prior version 1.5 in Tomato are below. In addition I have removed "configure" from git, and added autoreconf to make in order to generate it on system. Cleans and reduces size of repo.

    42c1aef brctl: fix signed/unsigned comparison warnings by Stephen Hemminger · 10 months ago master
    b69811c libbridge: add missing sys/time.h include in header by Aleksander Morgado · 10 months ago
    7b42114 libbridge: Include the configured CFLAGS when compiling by David Michael · 12 months ago
    b9841b0 bridge-utils 1.6 release by Stephen Hemminger · 1 year, 7 months ago v1.6
    fec4f55 man: add obsolete notice to man page by Stephen Hemminger · 1 year, 7 months ago
    821a735 brctl: better error handling by Stephen Hemminger · 1 year, 9 months ago
    44d276b Fix building on musl libc by Kylie McClain · 1 year, 11 months ago
    76f97da bridge-utils: Pretty print configure help by Andrey Mazo · 4 years, 2 months ago
    2ccf7b1 bridge-utils: AC_OUTPUT should be used without arguments by Andrey Mazo · 4 years, 2 months ago
    c50a537 bridge-utils: Remove unused variable in doc/Makefile.in by Andrey Mazo · 4 years, 2 months ago
    6d9236a bridge-utils: Abort compilation on error in any subdirectory by Andrey Mazo · 4 years, 2 months ago
    97d6888 Clean up autoconf debris when doing make maintainer-clean by Stephen Hemminger · 5 years ago
    6f83ef1 ignore build files by Stephen Hemminger · 5 years ago
    32b4d8f rename configure.in to configure.ac by Yegor Yefremov · 5 years ago
    8e31694 update email address by Stephen Hemminger · 5 years ago
    5eebb7f bridge-utils: Fix compile against linux-3.8.x by Russell Senior · 5 years ago
    4ad479e Fix typo's on man page by Stephen Hemminger · 6 years ago
    4decdea bug with older glibc: "brctl show" shows nothing by David Johnson · 7 years ago
    7fc99b7 skip . and .. in accurately in isbridge() by Xiaochen Wang · 7 years ago
    bb9970a Check error returns from write to sysfs by Stephen Hemminger · 7 years ago
    c7ed099 Fix error message for incorrect command by Stephen Hemminger · 7 years ago
    8ef7b77 Fix incorrect command in manual by Stephen Hemminger · 7 years ago
    M_ars, kille72 and Elfew like this.
  30. lceron

    lceron Network Guru Member

    Thank you for keeping Tomato going. I just wanted to ask someone who has a setup similar to mine about one issue I am having. I have an R6300v2 running AIO 2018.2 firmware. I have my wifi router set up as an access point, which works flawlessly. The only issue I have is that the time is not available under this setup. I turn off wifi from 00:00-06:45. If router time is not available this setup doesn't work, because the wifi on/off is dependent on the router time. Can someone with a similar setup confirm this as an issue, or am I missing something? Thank you again.
  31. ruggerof

    ruggerof Network Guru Member

    I am not using FreshTomato but I do have 2 routers running Toastman as AP.

    This issue is sort of common as the AP can be alive before your main router/gateway is and therefore cannot get the correct time from the internet and wrongly "receive" a KoD. All you have to do is to force your R6300v2 to reset KoD to get the time from the internet. Another alternative is just to reboot it.

    In both my APs I added a script in Init like this to avoid such issue.

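    # Keep both radios off until the clock has been set, so the
    # time-based wireless schedule never runs against a bogus date.
    sleep 60
    radio off 0
    radio off 1
    i=1
    while [ $i -le 100 ]
    do
      year_now=$(/bin/date +%Y)
      if [ $year_now -gt 2016 ]
      then
        logger -t "INIT Script" "NTP Time OK - Exiting loop"
        radio on 0
        radio on 1
        exit 0
      fi
      logger -t "INIT Script" "${i} - Waiting 10 minutes"
      sleep 600
      logger -t "INIT Script" "Restarting NTP"
      # Reset the KoD state in NVRAM and restart the NTP client
      nvram set ntp_kiss_ignore=1
      nvram set ntp_kiss=
      nvram set ntp_tdod=1
      nvram set ntp_updates=6
      service ntpc restart
      i=$((i+1))
    done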
  32. _s3n0_

    _s3n0_ Connected Client Member

    This has already been discussed many times.

    Problem number 1 is that the Polish author of Tomato Shibby firmware has no free time to manage his project (family, wife, ...). So after 1 year of non-updating Tomato Shibby we can talk about a dead project already.

    Kille72 has taken on the update of the already modified Tomato Shibby code and can be said to have taken over the relay. Kille72 goes on with his project, now renamed "TomatoFresh" (instead of the original @ kille72). However, the code is old - intended only for old chipsets.

    Problem number 2 is that the software development kit is outdated (the tool that compiles the code for TomatoShibby and TomatoFresh). This old SDK can not compile codes for new ARM processors with totally different chipsets (different hardware). And even if it's an ARM processor - it's already a new chipset - there's a different architecture.

    So, the old ARM processor chipsets are always supported, but new chipsets are not and will never be. This would mean rewriting the whole code if kille72 would get the new SDK. It would mean practically starting a new project (reprogram everything) for this line of chipset with ARM processors.

    For example, Merlin (the AsusWrtMerlin firmware) owns a development kit for this different hardware. However, he did not make big changes from the original AsusWrt firmware. He added some new features, but the base code remains unchanged.

    Recently ASUS has stated that using ASUS firmware on other routers than ASUS is a license violation :). And the paradox is that ASUS has taken and continues to develop code just from the first "Tomato" firmware editions.

    Everything's sick. It is best to use the firmware that is always at the beginning of this: OpenWRT or DD-WRT. However, the problem may be configuration and compatibility with specific router types :).
    fenir and koitsu like this.
  33. usergay

    usergay Network Newbie Member

    I am having an issue with the Latest Fresh Tomato version: 2018.2 and VSFTPD. It appears that the service randomly crashes and doesn't restart rendering FTP connections useless. I can either reboot the router or start vsftpd manually (using ssh / telnet / webui) and everything works fine thereafter. Seems to be quite random but mostly when IDLE. I use ftp services almost daily and it was fine prior to this version. Any ideas on how I can troubleshoot this?

  34. Sean B.

    Sean B. LI Guru Member

    Anything in the system logs?
  35. RMerlin

    RMerlin Network Guru Member

    What's illegal is running their firmware with the licensed components that they added, as these are only licensed for usage on specific devices. This has nothing to do with the fact that it was originally forked from Tomato. The Tomato parts of their code remain GPL.

    It wasn't stated by Asus, it was stated by me BTW.
    pomidor1 likes this.
  36. pomidor1

    pomidor1 Networkin' Nut Member

    I like a positive vision of the world. Let's enjoy what we have, the few crazy men that take their time (and the time of such people could be highly priced) for us.
    You can not destroy everything and rebuild in three days as in a Bible.
    Moreover, AsusWRT is derived from Tomato and not vice versa.
    According to Shibby, who still works on it according to kille72, the appropriate amendment is almost ready. Asus ac68u_C1 works on a tomato only after a reset does not hold the value in nvram. This amendment is also related to KRACK for the SDK6.
    I think that publishing the works and insight into them by other specialists such as @Sean B. or @koitsu could help break this barrier in the development of Tomato.
    Last edited: May 11, 2018
    Magister likes this.
  37. Edrikk

    Edrikk Network Guru Member

    @kille72 @pedro311

    I had a look to (re)update and (re)enable ntpclient in Tomato.

    Based on a few threads from @koitsu here and @jerrm here I know that the history is that John wrote the "current" ntpc from scratch (i.e. dead-end, unsupported code), Shibby tried switching to ntpclient via commit 75175c1, however this had to be partially rolled back in commit a899e8e because the router would not set the time on a reboot.

    As jerrm noted, ntpc does a bunch of things including adding/deleting from cron to get ntpc/ntpsync to work.

    I have created a PR against kille72's branch with two commits. I have separated it into two commits so that if there is a need to rollback, you can only revert the change that flips the switch from ntpc to ntpclient, while leaving the upgraded ntpclient code in place.

    • Commit 76bb901 Updates ntpclient to version 2017_246 of the fork by troglobit - More notes below.
    • Commit 660ccca Switches from ntpc to ntpclient
    • Commit 709b1ab Update the Makefile to switch to ntpclient as well... Missed to upload this one first time

    troglobit's fork of ntpclient is based on the "original" from Larry Doolittle, but:
    • More up-to-date (last commit under a year ago)
    • Supports IPV6
    • Supports running as a daemon
    • Supports syslog
    • etc

    As part of the changes, I've enhanced the ntp start process in Tomato to:
    • Respect the user's time lapse between updates value (prior effort didn't do this... And seems, unless I'm misreading, to have had a hard-coded value telling ntpclient to check every 3 seconds!)
    • Have marked the (very few) changes to the code with "TOMATO" markings. If anyone wants to make this into a proper patch and keep source absolutely clean, please go for it.
    • The GUI has a weird (to me) behavior of asking the user to select an ntp region (e.g. North America), and then instead of saving to NVRAM and thereby using (e.g.) north-america.ntp.pool.org, it creates a long string in the NVRAM var with 3 values 0.north-america.ntp.pool.org 1.north-america.ntp.pool.org and 2.north-america.ntp.pool.org.
      I don't understand why separate it out vs. just having north-america.ntp.pool.org figure it out.
    • The old ntpclient start assumed a 32 char array... This was way too small and overflowed. I've used 500 char local non-static array, but if anyone wants to change that, go for it.
    • ntpclient supports only 1 ntp server passed to it. So I've parsed the long string and simply grabbed the first server (i.e. up to first space/null). Some enhancements that someone might look at:
      • Fixup the GUI (time->basic) to "properly" not split into the 3 ntp servers but just use the 1 higher level one, or just copy the same 1 higher level one into the 3 spots as a hack to avoid touching the rest of the time->basic page.
        Either way, the logic in start ntpclient will keep working... And it's a safety as well in case people don't clear NVRAM.
      • Leave the GUI alone, but enhance the start ntpclient code to parse the string to count the number of servers, randomly pick a server (srand using pid not time as time isn't set yet), and pass that as the server to ntpclient.
    • I haven't touched the GUI... So basically things like Kiss of Death (which I think was broken under ntpc) at the GUI layer will still look at the same NVRAM variable value. So I would suggest clicking on clear in the GUI if you've already been marked... It doesn't correlate with ntpclient as that is handled internally by the daemon.
    • As I said before, there is an opportunity to pull out the areas marked "TOMATO" in ntpclient.h and .c and move them into a patch file.
    • Maybe look at also removing the "old" custom Makefile and use troglobit's more correct/modern/proper Makefile.am/configure/etc setup...
    That's it... Feel free to cherry pick. I've had this running on my R7000 for a couple of days (and multiple intentional reboots) without issue.

    I think this also potentially paves the way to moving to the busybox ntpd, as at first glance, the "start ntpc" function now is fairly in-line with the needs of ntpd as well... But that's for another time...

    The usual caveat: I'm not able to support this... But at least the code is now not proprietary (so there is upstream support), and there are smart people here with deeper knowledge than I who can tinker if needed. Also again, worst case, I've separated into two commits so that we can revert if needed without having to undo the (big) effort of updating the ntpclient code and understanding where Tomato's hooks are/were etc.
    Last edited: May 11, 2018
    pomidor1, Elfew, Justio and 1 other person like this.
  38. _s3n0_

    _s3n0_ Connected Client Member

    @RMerlin , @pomidor1 :
    Exactly the same I wrote.

    ASUS uses the Tomato firmware code that began to develop years ago. And again Tomato started to develop from DD-WRT and later became very popular.

    ASUS bans the use of their "own" firmware on non-ASUS devices. It's really funny.

    As for Shibby, I read several months ago that Shibby no longer has the time to update her firmware (packages, modules, plugins, bash scripts, master code, WebGUI, etc.). Therefore, TomatoShibby firmware is dead.

    I have been using TomatoShibby for many years on many routers. The updates came at least once every 3-6 months. Shibby has not updated the firmware for a long time. There are a lot of bugs that have been found and fixed in other firmwares (dd-wrt, openwrt, kong, or other Tomato distributions such as @kille72). I personally use only AsusWrtMerlin on my Asus RT-AC66U-B1 (AC68U), but I would like to have TomatoShibby or @kille72. Unfortunately, this is not possible for the reason described above (a different hardware architecture).

    Removing ASUS features would be complicated. Getting to ASUS's source code is a counter-license agreement, because the firmware code should be publicly available, for example, on GitHub servers like Open Source. They use the hole in open-source licenses by adding, for example, a driver for their WiFi (just as an example), and so they are already talking about another license. But it is still a stolen work for thousands of programmers from around the world. What else can you expect from the Chinese? :) It's legal theft of code and its exploitation for commercial purposes (for selling money routers) :). It would be right if ASUS were selling their routers without firmware. Or, if ASUS paid a percentage of profit to all programmers who participated in the development of the old Tomato firmware and the old DD-WRT firmware. I hate this behavior of big corporations.
  39. RMerlin

    RMerlin Network Guru Member

    Your accusation of "stolen work" is BS. You obviously don't understand how the GPL licensing works.
    Jacky444, Sean B., Magister and 2 others like this.
  40. koitsu

    koitsu Network Guru Member

    If there's any beef to be had, it's with Broadcom, not Asus.
  41. Pess0g

    Pess0g Networkin' Nut Member

    Since Multiwan was added, iproute brings chaos to the routing table.

    Table 251 is for the vpn tunnel.
    The OPENVPN daemon with "persist-tun" was started by ssh. The GUI was untouched.

    root@unknown:/jffs/ovpn# ip rule add from table 251 prio 2
    root@unknown:/jffs/ovpn# ip route show table 251
    $vpn_remote dev tun21  scope link  src $vpn_local dev br0  scope link  src
    default via $vpn_remote dev tun21
    root@unknown:/jffs/ovpn# ip route flush cache // at the same time I ran "ping" on
    root@unknown:/jffs/ovpn# ip route show cache | grep from via $wan_gateway dev ppp0  src from via $vpn_remote dev tun21  src from dev br0  src $vpn_local dev tun21  src $vpn_local
    All packets were lost except the first one.

    I stopped and continued with the parameter "-t", flushed cache and watched again. The result was odd: there was only one routing lasting for less than half a minute.
    root@unknown:/jffs/ovpn# ip route show cache | grep from via $wan_gateway dev ppp0  src
    root@unknown:/jffs/ovpn# ip route show cache | grep from via $wan_gateway dev ppp0  src
    root@unknown:/jffs/ovpn# ip route show cache | grep from via $wan_gateway dev ppp0  src
    root@unknown:/jffs/ovpn# ip route show cache | grep via $wan_gateway dev ppp0  src $wan_ip from via $wan_gateway dev ppp0  src from dev br0  src $wan_ip
    root@unknown:/jffs/ovpn# ip route show table 251
    $vpn_remote dev tun21  scope link  src $vpn_local dev br0  scope link  src
    default via $vpn_remote dev tun21
    No routing to vpn. Should it work? Sorry, no.
    Routing to openvpn was lost in the cache. I guess it was deleted as soon as the cache had been flushed again. But traceroute and ping still both gave failure.
    Then I added "ip rule add to " but this worked as normal.
    root@unknown:/jffs/ovpn# ip route flush cache
    root@unknown:/jffs/ovpn# ip rule del from table 251 prio 2
    root@unknown:/jffs/ovpn# ip rule add to table 251 prio 2
    root@unknown:/jffs/ovpn# ip route flush cache //at the same time I ran "ping" on
    root@unknown:/jffs/ovpn# ip route show cache | grep from dev br0  src $vpn_local from via $vpn_remote dev tun21  src from via $vpn_remote dev tun21  src via $vpn_remote dev tun21  src $vpn_local
    "to destination" was seen working fine but the routing table was still different. And " via $vpn_remote dev tun21 src $vpn_local" shouldn't exist.

    This issue covers all the arm firmware from shibby versions above 132 to freshtomato 2018.2.
    It should look like
    root@Router:/tmp/home/root# ip route show cache | grep from dev br0  src $vpn_local from via $vpn_remote dev tun21  src
  42. kille72

    kille72 LI Guru Member

    I have cherry picked these two commits and compiled new firmware. Unfortunately, it does not work here, tested several restarts, nothing interesting in the log...some ideas?

    Last edited: May 11, 2018
  43. Edrikk

    Edrikk Network Guru Member

    kille72 likes this.
  44. usergay

    usergay Network Newbie Member

    No, nothing that would indicate a problem with vsftpd, I've also checked the logs generated by VSFTPD itself and nothing out of the ordinary there.
  45. koitsu

    koitsu Network Guru Member

    Re: vsftpd: By default, Tomato does not log segfaults or abnormal signals. Therefore if the daemon is crashing, there would be no indication of such happening other than the process no longer existing. This sounds likely.

    You can turn on segfault logging by doing echo 1 > /proc/sys/kernel/print-fatal-signals . If you want this to persist across reboots, then place that line in Administration -> Scripts -> Init. You will also need to run it once manually.

    A crashed process will then show up in dmesg or /var/log/message (thus Status -> Logs). You can test it by logging in and doing kill -SEGV $$ (this will kill off your shell with a SIGSEGV), then looking in one of the aforementioned places. Here's an example of such a test:

    root@gw:/tmp/home/root# echo 1 > /proc/sys/kernel/print-fatal-signals
    root@gw:/tmp/home/root# kill -SEGV $$
    Connection closed by foreign host.
    $ telnet
    Tomato v2018.1.039 -beta-kille72 K26ARM USB VPN-64K
    root@gw:/tmp/home/root# dmesg
    sh/32266: potentially unexpected fatal signal 11.
    Pid: 32266, comm:                   sh
    CPU: 0    Tainted: P             ( #2)
    PC is at 0x4019f340
    LR is at 0x24470
    pc : [<4019f340>]    lr : [<00024470>]    psr: 60000010
    sp : bec476a0  ip : 0007ffa4  fp : 00007e0a
    r10: 000805f8  r9 : bec476bc  r8 : 0008229c
    r7 : 00000025  r6 : 0007185b  r5 : 00000000  r4 : 00082284
    r3 : 00000000  r2 : 00082284  r1 : 0000000b  r0 : 00000000
    Flags: nZCv  IRQs on  FIQs on  Mode USER_32  ISA ARM  Segment user
    Control: 10c53c7d  Table: 9e20804a  DAC: 00000015
    Please note: the information shown here can't really help debug what the actual problem is -- it's not like a normal stack trace you might see in a normal Linux distro. That capability is not compiled into the kernel, so there's no easy way to get a stack trace that allows for easy debugging. But it will allow you to at least know if the program is crashing.

    To turn said display of segfaulted processes off, use echo 0 > /proc/sys/kernel/print-fatal-signals

    There are only two easy ways that I know of to debug this type of problem, given the above information:

    1. Figure out exactly how to reproduce the crash, then let someone else try to figure out the root cause + fix

    2. Make sure you have a USB flash drive or HDD or something hooked up because logging may be large (hard to tell). After that, install and set up Entware-ng, opkg install strace, then run vsftpd under strace with some very specific flags: strace -tt -f -s 256 -o /path/to/usb/drive/strace.log vsftpd & and pray it happens again. Once it does, give the strace.log to a developer privately; THERE WILL BE PRIVATE INFORMATION IN THIS FILE (ex. username/passwords, pathnames, IPs, etc.) SO DO NOT GIVE IT OUT PUBLICLY. Do not use /tmp as a location for strace output file either (that's RAM). To kill off/end the process (if you need to), just do ps | grep strace and kill the related strace process AND the vsftpd process (you need to do both!).

    This still may not be enough to troubleshoot the problem unless something very apparent stands out syscall or syscall-argument-wise. If that's the case, then #1 is the only choice.

    Good luck and welcome to the pain of debugging programs on embedded devices with limited space/tools.
    Nathan Ellsworth and kille72 like this.
  46. kille72

    kille72 LI Guru Member

    M_ars likes this.
  47. kille72

    kille72 LI Guru Member

    New arm-extras.tar.gz is uploaded. I hope all modules are included this time.
    Last edited: May 12, 2018
  48. Edrikk

    Edrikk Network Guru Member


    I’ve looked at things and indeed it’ll be quite easy at this point given the work I’ve done to actually flip to using the standard out of the box Busybox ntpd.

    Benefits: Better support, smaller firmware, supports multiple ntp servers, can act as client AND server.
    Negative: Busybox ntpd does NOT support setting polling time after compile (minpoll and maxpoll are not implemented). This means user can’t choose hours between syncs as they do today which is probably a good thing. It’ll be handled and adjusted at runtime by ntpd automatically. Choices would become disabled, at boot only, and automatic.

    If I have time over the next few days I’ll put up a commit with this.

    Any thoughts or violent objections?
    kille72 likes this.
  49. zokstar

    zokstar Network Newbie Member

    Flashed my R7000 a few weeks ago and so far has been rock solid!

    Any tips/tricks on improving wifi speeds?
  50. Edrikk

    Edrikk Network Guru Member

    Alright @kille72 @pedro311
    We now have 3 working ntp capabilities... LOL.

    I have just uploaded commit 8c758bc which replaced ntpc/ntpclient with the built-in Busybox ntpd.

    We should keep the ntpclient update in git because it updated and cleaned up that directory a lot. It also gives options for the future if needed.

    The code has been updated as follows:
    • Update services.c code to start and stop ntpd instead of ntpclient/ntpc
    • Enable Busybox's ntpd .conf file to store server info. This is rebuilt on each ntpd start through start_ntpc (in services.c) based on ntp_server nvram variable contents. Therefore GUI selections are respected.
    • Split the 3 ntp servers in NVRAM and pass individually to ntpd so it can automatically choose one to use. These are written to the /etc/ntp.conf file.
    • Update the time->basic page to replace all the "Every X hours" options with a single "Auto interval" option. The backend code has been solidified both as a sanity check, but also to transition the users to value "1" if they previously had a higher value (e.g. higher than "Check Every 1 hour" previously).
    • In the auto-interval case ntpd is started with the "-l" flag, meaning it can also serve ntp time in addition to being a client.

    Size of firmware has dropped 4KB compared to ntpc and 8KB compared to ntpclient.

    I think we're in a good place now when it comes to ntp... We have a supported unified client and server within firmware, keeping GUI and NVRAM pretty much untouched.
    zokstar and kille72 like this.
  51. koitsu

    koitsu Network Guru Member

    This code is kinda "meh", and provides either a buffer overflow vector or a crash vector on line 1632 if reaching end-of-string (servers[i+1] is making a very bad assumption -- this can go past the end of servers!). Not good.

    I look at all this code and I think: why are we doing all this just to write data to a file?

    NVRAM variable ntp_server contains a space-delimited string of NTP servers. The GUI provides 3 form fields for servers, but they all get stuffed into ntp_server as described. POSIX provides us a great function called strtok(3) that makes our lives easier. So here's the same result, without all the unnecessary stuff:

    #include <string.h>
    char *ptr;
    if ((f = fopen("ntp.conf", "w")) != NULL) {
      ptr = strtok(servers, " ");
      while(ptr) {
        fprintf(f, "server %s\n", ptr);
        ptr = strtok(NULL, " ");
      }
      fclose(f);
    }
    This will also handle weird edge cases where, for example, ntp_server might contain a trailing space.

    Remember: this isn't a helper function (e.g. a general-purpose function that returns a pointer to a multi-dimensional array of all the NTP servers to make it easy on a programmer); we're not abstracting out NTP server management. Apply KISS principle.

    I suggest cleaning up those #include statements as well (don't need stdio.h/stdlib.h; I think you may have left these in from debugging).

    I also don't know what the servers buffer was originally. Was it 500 pre-all-your-NTP-work, or was it 200? Leave it what it was originally, unless, say, Asus increased it (in which case, keeping with their size is wise/good). EDIT: httpd/tomato.c clearly defines ntp_server as 150 bytes maximum (V_LENGTH(1, 150)), meaning that's what the GUI will permit up to. So servers being 200 bytes should be perfectly fine.

    Finally: memset()'s 2nd argument takes an int, not a char. '\0' just happens to compile into 0 (NULL), which is why it works, but in general people say memset(dest, 0, len);
    Last edited: May 12, 2018
    kille72 likes this.
  52. Edrikk

    Edrikk Network Guru Member

    While I appreciate the "meh" comment (this is meant as a middle finger), I disagree with the feedback.

    1. There is no possibility of a buffer overflow or crash vector in current sandbox/environment. The reason being that the 200 char array "server" is more than sufficiently large enough to hold the largest ntp server name times 3 after prefixing etc by Tomato. Given that "server" is null’d out (initialized) before being filled, it will always be fully clean. The "+1" therefore is completely safe as it can ONLY be reached in a character sequence where current element is a space. Since the array is null terminated, +1 can only be "good"
    2. I am very well aware of tokenization. It is destructive to the array... I have taken the deliberate action of building a 2D array of strings to allow for easy re-use and refactoring. I prefer this approach. More condensed code isn’t ALWAYS the best way to go.
    3. Regarding memset: I prefer consistency with rest of functions vs a theoretical that doesn’t apply for '\0' and NULL. <EDIT> Seems in this file unlike others people have used "0" so I’ll align to that for consistency.

    You’re right about the includes, will remove those.
    In order to be even more defensive against abnormalities (e.g. people messing with NVRAM etc.), I’ll add a check on size of it...
    Last edited: May 12, 2018
    kille72 likes this.
  53. koitsu

    koitsu Network Guru Member

    1. You're right. For some reason my brain was thinking the for-loop was using sizeof() and not strlen(), except that if that were the case, my description of the problem would've still been wrong. Heh.

    2. It is destructive, but who cares? servers is an actual buffer that's populated with strcpy(servers, nvram_safe_get("ntp_server")); so what's it matter if its spaces are turned into NULLs? It's not like it's a global variable used by everything else in the code base. Again: this is start_ntpc(), not a general-purpose helper function. It doesn't matter to me, but I would think a shorter/simpler function in this case would make for a better overall project (think of how much time people have to spend RE'ing long pieces of Tomato code as is); I'd also mention that strtok() is used throughout Tomato-specific code, grep -r strtok httpd rc shared for some evidence. Fear not the function! I probably should've used strtok_r() as well, but nothing we're doing in Tomato is threaded and I have no idea what uClibc has implemented so I tend to opt for portability. strsep() is another possibility (used heavily in Tomato code!) but the behaviour differs from strtok().
    kille72 likes this.
  54. Edrikk

    Edrikk Network Guru Member

    Fair enough. I have made a commit to harden the start:
    • Switched from static to dynamic array in case of unexpectedly long value in nvram
    • Switched to strtok
    • Added a 1 sec sleep after killall for a graceful restart
    • Removed leftover includes
    kille72 likes this.
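The approach the exchange above converges on (a heap copy sized to the NVRAM value, strtok over the space-delimited list, one "server" line per entry), as an added example that is not FreshTomato's services.c or either poster's code. The names render_ntp_conf and valid_server, the hostname character whitelist and the sample values are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_HOST_LEN 253            /* longest valid DNS name */
#define DELIMS " \t\r\n"            /* newlines are separators, so a value cannot smuggle extra config lines */

/* Accept only characters that can appear in a hostname or an IP literal
 * (assumed whitelist, not taken from the page). */
static int valid_server(const char *s)
{
    size_t n = strlen(s);

    if (n == 0 || n > MAX_HOST_LEN)
        return 0;
    for (; *s; s++) {
        if (!isalnum((unsigned char)*s) && *s != '.' && *s != '-' && *s != ':')
            return 0;
    }
    return 1;
}

/*
 * Render one "server <host>\n" line per entry of the space-delimited
 * ntp_server value into out.
 * Returns the number of servers written, or -1 on bad arguments,
 * allocation failure, or when out is too small (out then holds only
 * the complete lines written so far).
 */
int render_ntp_conf(const char *nvram_value, char *out, size_t outlen)
{
    char *copy, *tok;
    size_t used = 0;
    int count = 0;

    if (nvram_value == NULL || out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';

    /* strtok() writes NULs into its input, so tokenize a private copy.
     * Sizing it from strlen() means an unexpectedly long NVRAM value
     * cannot overflow a fixed local array. */
    copy = malloc(strlen(nvram_value) + 1);
    if (copy == NULL)
        return -1;
    strcpy(copy, nvram_value);

    for (tok = strtok(copy, DELIMS); tok != NULL; tok = strtok(NULL, DELIMS)) {
        int n;

        if (!valid_server(tok))
            continue;               /* skip entries that are not host-like */

        n = snprintf(out + used, outlen - used, "server %s\n", tok);
        if (n < 0 || (size_t)n >= outlen - used) {
            out[used] = '\0';       /* drop the partially written line */
            free(copy);
            return -1;
        }
        used += (size_t)n;
        count++;
    }

    free(copy);
    return count;
}

int main(void)
{
    /* Constructed sample: doubled and trailing spaces, one bogus entry. */
    const char *sample = "0.ntp.example  1.ntp.example bad;entry 2.ntp.example ";
    char conf[512];
    int n = render_ntp_conf(sample, conf, sizeof(conf));

    if (n < 0) {
        fprintf(stderr, "ntp.conf would not fit\n");
        return 1;
    }
    printf("%d server(s):\n%s", n, conf);
    return 0;
}
```
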
  55. Flowgo

    Flowgo New Member Member

    The Samba documentation link should point to the version it uses rather than the latest, which would be this: [​IMG] (New accounts can't post links, very annoying.)

    On an unrelated note, if I'm using Policy-based Routing or something similar for my OpenVPN Client, how do I run the router's BitTorrent client, Transmission, through said VPN? I can't figure out how to bind it to its own IP or interface so I can isolate it.

    I also attempted to put some proxy settings in the Transmission config file, but they wouldn't take either.
  56. ruggerof

    ruggerof Network Guru Member

    I found a BUG which is the root cause of the problem @Iceron has.

    When WAN is "disabled", i.e. the router is working as an Access Point, no DNS query is done, therefore the router cannot find the NTP servers or anything that needs DNS resolution (for instance "ping" or "traceroute" don't work)

    To make sure that this bug is specific to FreshTomato, I flashed the same router (RT-AC68U) with Shibby 140 and this problem does not occur with Shibby 140.

    To note: I flashed FreshTomato 2018.2 and NVRAM was erased every time the router was flashed.
    Last edited: May 13, 2018
    TheHellSite and Techie007 like this.
  57. Sean B.

    Sean B. LI Guru Member

    This has already been discussed, run a basic search of the forum ( I don't recall the thread off hand ). For now, work around is to add this to the WANUP script:

    rm /etc/resolv.conf
    echo "nameserver X.X.X.X" > /etc/resolv.conf
    Where X.X.X.X is the IP for a DNS server of your choice.
    Last edited: May 14, 2018
  58. Techie007

    Techie007 Serious Server Member

    So when are we going to fix this bug instead of playing with a temporary workaround?
  59. Sean B.

    Sean B. LI Guru Member

    Whenever you submit a patch for it.
  60. sigmaris

    sigmaris Serious Server Member

    Yes, I can load all the IPSec modules and use Strongswan now. Thanks for all your work!
    kille72 likes this.
  61. renault

    renault New Member Member

    Hi to all!
    I have WS880 router and FreshTomato Firmware 2018.2 K26ARM USB AIO-64K
    When I try to apply any setting in USB&NAS->USB Support area router hangs, cannot ping. Only power reset helps.
    But settings are applying.

    Storage 0 WDC WD32 00BPVT-00ZEST0
    Partition 'ENTWARE' ext3 (293.41 GB / 33.88 GB free) is mounted on /opt

    Asuswrt merlin was installed on this router before, and entware on hdd.
    NVRAM erased when install FreshTomato

    Any ideas ?
  62. Sean B.

    Sean B. LI Guru Member

    I would suggest to configure a custom log path so the system log is written to your USB HDD and will survive a reboot, then change a setting in the GUI so it freezes. After rebooting the router, access the system log on the HDD and see if it holds any clues.
  63. Edrikk

    Edrikk Network Guru Member

    Wanted to checkout the AdvancedTomato UI, so I transferred it over to the FreshTomato side to check it out... It's very slick... Very modern looking.
    In case there is interest, commit 1826cb5 is here.

    For future reference, no added work required beyond dropping existing www directory and loading the AT directory. Feel free to cherry-pick if you'd like. Will leave it to you guys if you wish to rebrand to FreshTomato.
    Sean B. likes this.
  64. kille72

    kille72 LI Guru Member

    Very nice! You have to go through all pages and update missing features in AdvancedTomato UI as well. Quick example, advanced-firewall.asp:

  65. Nathan Ellsworth

    Nathan Ellsworth Reformed Router Member

    Here is where I brought this up earlier: http://www.linksysinfo.org/index.php?threads/fork-tomato-arm-by-kille72.73397/page-18#post-296113

    It is hard for me to follow the logic of the commit which broke this. I fear it is part of the ancient tangled-up history of single-WAN vs. multi-WAN Tomato. Someone wiser may need to attempt a patch.

    I might consider playing with it once I get a Tomato build environment working in my OpenStack lab.
    Last edited: May 15, 2018
  66. Nathan Ellsworth

    Nathan Ellsworth Reformed Router Member

    If by having lots of white (useless) space, yes it is modern. I like the denser traditional Tomato view. Perhaps my eyes are different or my monitors are all smaller. I would vote for not adopting it permanently in the Tomato base; perhaps as an option.
    NotVeryClever, jerrm and kille72 like this.
  67. pomidor1

    pomidor1 Networkin' Nut Member

    I would like to remind and appreciate the work of @AndreDVJ, who works in his compilations on the AdvancedTomato interface, it gives the possibility to download his images on the website: https://bitbucket.org/AndreDVJ/advancedtomato-arm/downloads/
    I myself use his compilation on the R8000 and I'm happy
    FreshTomato = 95-99% Tomato by @AndreDVJ
  68. Nathan Ellsworth

    Nathan Ellsworth Reformed Router Member

    Hi Koitsu,

    The above quote is a gem. Yet another thing many of us probably didn't know.

    Is there a place where such things can be saved for easy reference? I have a lot of things in bookmarks (many from you) and emails but it would be great to get them all together somewhere. I'd even be willing to put it together for others to use/update.

    What are people's thoughts on this? Is there already a wiki-like place which could be used? Or perhaps just a pinned post at the top of FreshTomato group in Linksysinfo.org? But many of these tips are not FreshTomato-specific. However, given that FreshTomato is pretty much the only build currently active, then perhaps that is where to pin a thread.

    Thanks, Nathan
  69. jerrm

    jerrm Network Guru Member

    My number one complaint of many general(not just Tomato) UI "improvements" over recent years. I like more information at a glance. Now they want to make sure every screen and option has plenty of room for fat fingers to caress the screen.

    My other pet peeve is lack of keyboard navigation. Reaching for a mouse is wasted time.
  70. Jacky444

    Jacky444 LI Guru Member

    Actually keyboard is waste of time. I can do stuff much faster using mouse or even better touch screen. Stuff are mostly going towards touch screen / touch pads. Not keyboards. Those are getting obsolete being replaced by voice instructions/typing. Slowly but its getting there.

    Tomato is Linux based project and by my standards it has A LOT of features that 99% people don't need. For that purpose, GUI's can not be adapted/changed much unless you want to lose the features. I spent A LOT of time trying to improve the GUI and the effort it takes to actually do something is just huge. UI itself is great. That's the design, elements, shadows, animations (need little work), not much more can be done there. But to actually improve UX (which is what you are actually talking about - USER EXPERIENCE) that takes about 3-5x more effort than design itself. I was never willing to spend the time, because with that in mind, we'd have to re-code the entire GUI.

    Also, many people judge stuff on their monitors using monitors that have no real RGB settings, using low resolutions or stuff in way they were never meant to be used in. It's really hard to adapt something to fit ALL screens. To my eyes original GUI is awful and I can not stand it. Of course there is a choice. For that purpose, we're all happy there are multiple developers to fit wishes of every one no matter how different opinion they have.

    I'm happy FreshTomato is sticking to the roots in GUI department. Allows people to have choice. Bad part is that the time it takes me to adapt AT GUI to FreshTomato is currently too much for me so the project is pending (paused).

    This is very strange thinking. On my FULL HD monitor original Tomato interface wasted more than 40% of screen by being fitted on the screen center. True AT has little too much margins/paddings to people who are used to Tomato's compact interface. That could be changed by a simple theme, if anyone would bother enough to get it done.
  71. Edrikk

    Edrikk Network Guru Member

    Ok I have now completed the work to bring the AT UI to FreshTomato if you want to take it @kille72
    There were also some changes in tomato.c that I discovered... This allows the icons to show properly, etc.

    In total, the commits are:


    Looks gorgeous on both the desktop browser and mobile browser.
    Great job @Jacky444 and @AndreDVJ


    Haldi4803, Onee-chan and kille72 like this.
  72. Edrikk

    Edrikk Network Guru Member

    Not exactly sure what (useless) white space you're referring to... Legacy Tomato UI might be "smaller" but it's not denser as far as I've noticed. Just compare the two "Advanced Firewall" screenshots above.

    In addition, the usability of AT both on the desktop, and its incredibly great rendering on the small screen is a massive UX improvement.

    The other point I'd bring up is that by unifying the UX of the various projects, people can benefit from bug fixes by multiple developers... Especially since all the various forks are pretty much on a very similar path.
  73. koitsu

    koitsu Network Guru Member

    By "useless white space" he's referring to large amounts of padding. Yes, stock TomatoUSB theme is denser (that is the correct word BTW). You want screenshot comparisons, here you go:

    This is 338x613 pixels. Please review how much data is being displayed in that resolution:


    Using the same section of the GUI from your screenshot, using the same space (338x613), and being fair/reasonable with its placement (i.e. not trying to make it look bad, honest), this is what you get:


    If you don't see the difference then I can't help you. Jacky's efforts are fantastic, and I appreciate them wholeheartedly (for example the side menu on the left is a great improvement), but tons of padding and making buttons larger does not necessarily make for a better UI. It subjectively and conditionally might make for a better UX (user experience), where the subjectivity is based on the device being used to view the page. That leads me to:

    Your screenshots have excessive anti-aliasing and smoothing applied to them, which gives me the impression they're taken from a mobile phone or tablet -- I see this a lot nowadays, it's very easy to notice (I'm 41 years old so graphically I tend to always lean towards pixel-precise things and don't like "filler"). It's easy to tell because the screenshots, plain and simple, look "blurry" or "smoothed", especially along edges of things -- almost like an unfocused camera. My iPad and Android phone do the same thing.

    Using the stock TomatoUSB GUI on a mobile phone -- and I have, several times, on my Moto G 2013 (resolution is 720x1280, so 326ppi, with a 4.5" display: small display but high ppi so it looks beautiful) -- is not a very fun experience. There's a lot of pinching/expanding+dragging to zoom in/out+pan to navigate it. However, this is rectifiable by use of CSS's Media Queries to determine, generally, what "sort of" device is being used based on the max-device-width, and if it's in landscape vs. portrait mode. This is all part of what people call (and I still maintain this is a very weird/bizarre word for it) "responsive design".

    But the fact remains: in the same resolution given, TomatoUSB can display more information than what those patches can/do. It's all because of excessive padding (whitespace) and use of larger elements. You don't need that to be "responsive". Whether or not you need larger elements has to be based on the type of device you're using. If you're on a desktop web browser, well guess what: don't worry about it, there's a reason every browser has a Zoom option. If you're on a mobile or tablet device it's more important for the reasons I described in my paragraph starting with "Your screenshots".
    Techie007, kille72 and jerrm like this.
  74. jerrm

    jerrm Network Guru Member

    Did you type your reply on the touch screen? Do you code using the touch screen? Did you have to take time to reach away from the keyboard to save the message using the button or simply use the keyboard shortcut?

    Different tools for different purposes, but if my hands are on the keyboard, "alt-s" is much faster and easier once learned than clicking or touching the post button.
  75. Edrikk

    Edrikk Network Guru Member

    @koitsu not sure what exactly exactly you’re getting at. I assume you’re referring to the Windows "ClearType" aliasing in the desktop screenshot, and I’m sure Apple does the same on the iOS side. Basically anything sitting on an LCD in the last 10 years does. Regardless, I still don’t get the point... I’m sure neither of us is doing work requiring bit-perfect precision.

    I think realistically, the question of what UI Tomato should evolve to shouldn’t be decided by 2 or 3 guys who want to cram as much text as possible on a page, and only use it on a bit-perfect monitor.

    I think the TomatoAnon stats ( https://advancedtomato.com/statistics ) tell us what real world users want (both in terms of active as well as Unique DL counts of AT).

    PS. @jerrm: This reply was typed on a touchscreen.
  76. Sean B.

    Sean B. LI Guru Member

    My computer types my posts for me. As a matter of fact, I don't even know I posted this one yet.
    Magister and koitsu like this.
  77. kille72

    kille72 LI Guru Member

  78. jerrm

    jerrm Network Guru Member

    If only I had that kind of influence - I'd love to have a fork without the multi-wan infection we didn't have to maintain ourselves.

    Obviously the only 2 or 3 guys that matter are the ones carrying the project on. Opinions and discussion are nothing more than opinions and discussion. Those carrying the torch can give as much or as little weight to the discussion as they please.
    Last edited: May 16, 2018
    Techie007 likes this.
  79. koitsu

    koitsu Network Guru Member

    @Edrikk Since you're not sure what Nathan was getting at, or what I was getting at, then I'll rephrase it:

    If the goal is to waste screen real estate with blank space/excess padding, then great. If the goal is to convey more information and controls than blank space, well then no, this is not an improvement. You're conveying less information in the same amount of space that previously held more information. I proved it with the screenshot comparison, and it's what Nathan meant when he said "useless white space". It can't be refuted. It is possible to convey this information while still having "responsive" design.

    I say this while in full agreement that some slightly increased spacing around some elements, and maybe slightly larger checkboxes/buttons in stock TomatoUSB, would be an improvement. As said: using stock TomatoUSB on a mobile device or tablet is pretty "meh".

    So I fully support the efforts to update the HTML and CSS to a much more "responsive" design, but I do not support the visual results shown in that screenshot. Screen real estate is important.
    Techie007, jerrm and kille72 like this.
  80. Edrikk

    Edrikk Network Guru Member

    @koitsu clearly you didn’t absorb my response which was very nicely separated into blocks of thought (paragraphs). :)

    The first paragraph was referring to your comment about antialiasing. Hence the notes on ClearType (on desktop screenshot), and “equivalent” on mobile.

    The second paragraph shared that I don’t believe this Project should be the equivalent of Sears: Stuck in 2006 because some people in the boardroom (if this forum was that) think that people still want to wear baggy pants and suits in 2018; I’m not sure these people still blame other factors on their bankruptcy (well it was really the Kernel... Nobody came because the Kernel was 2.6... Yeah that’s it!)

    The third paragraph showed that based on the only objective statistics available on the post Shibby/Toastman forks of this project, AT UI shows a significant gap in use vs. any other.

    Hope this helped the understanding and absorption issue.

    And just sharing for the last time: This long response was also typed on a touchscreen. :)
  81. rgnldo

    rgnldo Networkin' Nut Member

    One help, I can not unbound in FreshTomato. Failed in ENTWARE-NG initialization script. No Asuswrt-Merlin works. Any tips on how to make it work?
  82. rgnldo

    rgnldo Networkin' Nut Member

    Best Dnsmasq configuration

  83. kille72

    kille72 LI Guru Member

  84. Edrikk

    Edrikk Network Guru Member

    Well, looking at both the above URL, and http://anon.groov.pl/ on which its data is sourced, I see:

    - AT v3.5-140 has about 4500 Tomato Anon Users
    - AT V3.5-140 has been uniquely downloaded 39,015 times

    - FreshTomato+Kyle Tomato have about 450 Tomato Anon Users
    - Assuming linear/direct relationship, it would say about 4500 total Users.

    Given that functionality is quite the same, I extrapolate a 10-1 preference in the wild for AT vs. legacy Tomato UI.

    My thought process could be wrong, but that's how I thought about the numbers...
  85. kille72

    kille72 LI Guru Member

    I understand you now! I would like to implement 'AT UI' into FreshTomato if you could choose between 'Legacy Tomato UI' and 'AT UI', that would be optimal, or what do you think?
  86. pomidor1

    pomidor1 Networkin' Nut Member

    if you have a properly installed drive, label opt

    write in ssh

    ;-) dash in the middle not downstairs
  87. Edrikk

    Edrikk Network Guru Member

    I'm sure it's possible but I'm afraid that's not in my level of knowledge or time allowance...
    Onee-chan and kille72 like this.
  88. rgnldo

    rgnldo Networkin' Nut Member

    Best WiFi configuration
    Already configured ENTWARE. I installed unbound, but it looks like it has some conflict
  89. Edrikk

    Edrikk Network Guru Member

    Onee-chan and kille72 like this.
  90. jerrm

    jerrm Network Guru Member

    AT's download count probably has at least as much to do with AT's Google placement for any tomato related search as it does the actual UI, along with @Jacky444's attractive, inviting (and Google friendly) website.

    The only gateway to FT is this forum thread, which probably scares off folks as it is more focused on bugs, issues and fixes.
    Techie007 and koitsu like this.
  91. Edrikk

    Edrikk Network Guru Member

    @kille72 thanks again for the catch.
    I compared the .c files in httpd directory and 4 had minor enhancements that I've merged into 1b4a595
    The 4 files were for record keeping outside of git:
    • bwm.c
    • httpd.c
    • nocat.c
    • parser.c
    Onee-chan, Elfew and kille72 like this.
  92. jerrm

    jerrm Network Guru Member

    I wouldn't waste time for both. I prefer the legacy interface, but wasting time maintaining two when the project is under-manned doesn't make sense to me, but I'm not the one driving (nor likely to use anyway, other than cherry pick patches).

    If AT is the adopted interface, then maybe take some time to tweak an alternate compact CSS and be done with it.

    If overall uptake is the goal, then putting time into the "marketing" side of things would probably be a better investment.
    koitsu and Joe A like this.
  93. Edrikk

    Edrikk Network Guru Member

    Agree 100% @jerrm with this statement:

    This tweaking could be part of what @kille72 and @pedro311 might undertake if they plan to 'rebrand' the modern theme.
    Onee-chan likes this.
  94. Jacky444

    Jacky444 LI Guru Member

    I agree with @jerrm about picking UI. Decide for one, not both. Maintaining two graphical interfaces is a huge waste of time. I spent a lot of time adapting GUI updates from Shibby. I would never wish you do the same for your changes. Pick one.

    Tweaking AT for smaller paddings/margins is very simple. I was able to achieve (for reasons of "testing") a compact UI in a matter of minutes. I just don't like it compact. I'm one of those people who like useless white space. Especially on my big monitors with QHD resolution (no scaling settings, 100% DPI). I did have plans to make it a bit better on mobiles though, but as I said previously, I have no time for the project at the moment.
    Haldi4803 and Techie007 like this.
  95. Onee-chan

    Onee-chan Network Newbie Member

  96. tripper22

    tripper22 Serious Server Member

    I have an EA6900 with the latest Advanced Tomato installed. Can I just upgrade to Fresh Tomato using the web ui or do I have to clear all the settings and start over? Thanks in advance.
  97. Elfew

    Elfew Network Guru Member

    I agree that maintaining two different GUIs is really time consuming and a waste of time and resources. Tomato fw was almost abandoned, but kille72, pedro and other guys brought Tomato back to life, thank you very much! So in my opinion we cannot afford to relocate time of our amazing devs to maintain two GUIs.

    We should integrate the new modern GUI and make it even better... we can add some GUI tweaks and fix bugs. Anyway would be really nice to have @Jacky444 back in action to help with fixing bugs and adding new features into this amazing theme. Thank you guys!
  98. Onee-chan

    Onee-chan Network Newbie Member

  99. Nathan Ellsworth

    Nathan Ellsworth Reformed Router Member


    Choice is a great thing generally, but I agree maintaining two UI's would be wasted effort. I admit to knowing next to nothing about Web design and CSS, etc. If it is as simple as you say to tweak AT for padding and margin, how about adding a setting for that, like Gmail has for Compact, Cozy, and Comfortable? Could you share how you did the AT tweaking?

    When I tried AT a while ago, despite hating the wasted space, I did like the "responsive design" element.

  100. Nathan Ellsworth

    Nathan Ellsworth Reformed Router Member

    Could you do a one-off alpha build of current FreshTomato with AT UI, incorporating Edrikk's patches? Then we could try it out and the CSS experts around here could submit a few user-selectable settings/themes.

    I have a Linksys EA6700, ASUS RT-AC56U, or Netgear R6300v2 (or MIPS Linksys E3000) on which I could try.